03-01-2019 06:13 AM
Hi, I have been trying to understand if I missed something or if if there is a limit for the crypto maps when creating a vpn,
there was already up and running a vpn tunnel
crypto map OUTSIDE_map1 9 match address OUTSIDE_cryptomap_9 crypto map OUTSIDE_map1 10 set peer X.X.X.X crypto map OUTSIDE_map1 10 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
So I tried the create new vpn under the sequence of 10
crypto map OUTSIDE_map1 11 match address OUTSIDE_cryptomap_10
crypto map OUTSIDE_map1 11 set peer X.X.X.X
crypto map OUTSIDE_map1 11 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
and I got the error:
ERROR: Exceeded maximum of 9 ipsec-proposals for crypto map.
and overwrote the crytpos that I have and merged them
Solved! Go to Solution.
03-01-2019 11:25 AM
How did "crypto map OUTSIDE_map1 10 set peer 37.120.33.66" change to "crypto map OUTSIDE_map1 10 set peer 37.120.33.66 38.122.33.68"?
Looks like there is/was a typo in the input commands that you are sending to the ASA. You might have mistakenly changed another crypto map entry (sequence 10) instead of Sequence 11.
The error message "ERROR: Exceeded maximum of 9 ipsec-proposals for crypto map." comes in if you already have IPsec proposals on a sequence number and try to add more than 9 to the same sequence number.
03-01-2019 07:07 AM
Strange. Can you attach the sanitized output of "show run crypto" here? It looks like you are only adding 5. Unless there is already something configured under sequence 11.
03-01-2019 10:07 AM
yes, not sure and not quite familiar with the CLI,
I modified so Ips are fake, the rest is what I currently have
not sure how to revert it back
BEFORE THE CHANGE
crypto map OUTSIDE_map1 10 match address OUTSIDE_cryptomap_9
crypto map OUTSIDE_map1 10 set peer 37.120.33.66
crypto map OUTSIDE_map1 10 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
BELOW AFTER THE CHANGE
crypto map OUTSIDE_map1 10 match address OUTSIDE_cryptomap_9
crypto map OUTSIDE_map1 10 set peer 37.120.33.66 38.122.33.68
crypto map OUTSIDE_map1 10 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map OUTSIDE_map1 11 match address OUTSIDE_cryptomap_10
crypto map OUTSIDE_map1 11 set peer 38.122.33.68
crypto map OUTSIDE_map1 11 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
INFO: You must configure ikev2 remote-authentication pre-shared-key
and/or certificate to complete authentication.
ERROR: Exceeded maximum of 9 ipsec-proposals for crypto map.
CISCO_ASAFW/pri/act(config)#
03-01-2019 11:25 AM
How did "crypto map OUTSIDE_map1 10 set peer 37.120.33.66" change to "crypto map OUTSIDE_map1 10 set peer 37.120.33.66 38.122.33.68"?
Looks like there is/was a typo in the input commands that you are sending to the ASA. You might have mistakenly changed another crypto map entry (sequence 10) instead of Sequence 11.
The error message "ERROR: Exceeded maximum of 9 ipsec-proposals for crypto map." comes in if you already have IPsec proposals on a sequence number and try to add more than 9 to the same sequence number.
03-01-2019 08:58 PM
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: